[libvirt] [PATCH v3 5/7] tests: Add various network and volume definitions
Osier Yang
jyang at redhat.com
Mon Jul 22 11:06:39 UTC 2013
On 19/07/13 20:32, John Ferlan wrote:
> Although they produce no seclabel data, add some tests for coverage of
> various network and volume disk definitions
> ---
> tests/securityselinuxlabeldata/netdisks.txt | 5 +++
> tests/securityselinuxlabeldata/netdisks.xml | 58 +++++++++++++++++++++++++++++
> tests/securityselinuxlabeldata/voldisks.txt | 5 +++
> tests/securityselinuxlabeldata/voldisks.xml | 45 ++++++++++++++++++++++
> tests/securityselinuxlabeltest.c | 2 +
> 5 files changed, 115 insertions(+)
> create mode 100644 tests/securityselinuxlabeldata/netdisks.txt
> create mode 100644 tests/securityselinuxlabeldata/netdisks.xml
> create mode 100644 tests/securityselinuxlabeldata/voldisks.txt
> create mode 100644 tests/securityselinuxlabeldata/voldisks.xml
>
> diff --git a/tests/securityselinuxlabeldata/netdisks.txt b/tests/securityselinuxlabeldata/netdisks.txt
> new file mode 100644
> index 0000000..b6bf95f
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/netdisks.txt
> @@ -0,0 +1,5 @@
> +/nbd.raw;
> +/iscsi.raw;
> +/rbd.raw;
> +/sheepdog.raw;
> +/gluster.raw;
> diff --git a/tests/securityselinuxlabeldata/netdisks.xml b/tests/securityselinuxlabeldata/netdisks.xml
> new file mode 100644
> index 0000000..ab5e964
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/netdisks.xml
> @@ -0,0 +1,58 @@
> +<domain type='kvm'>
> + <name>vm1</name>
> + <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
> + <memory unit='KiB'>219200</memory>
> + <os>
> + <type arch='i686' machine='pc-1.0'>hvm</type>
> + <boot dev='cdrom'/>
> + </os>
> + <devices>
> + <disk type='network' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source protocol='nbd' file="/nbd.raw">
> + <host name='example.org' port='6000'/>
> + </source>
> + <target dev='vda' bus='virtio'/>
> + </disk>
> + <disk type='network' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source protocol='iscsi' name='iqn.1992-01.com.example/1' file="/iscsi.raw">
I'm not clear on the security tests, but this XML looks incorrect.
"file" is one way to represent the disk source; it's exclusive with
other ways (e.g. protocol/name here) in semantics. Similar for below.
Why do you use both "file" and other ways for disk source
representation together?
> + <host name='example.org' port='6000'/>
> + </source>
> + <target dev='vdb' bus='virtio'/>
> + </disk>
> + <disk type='network'>
> + <driver name="qemu" type="raw"/>
> + <source protocol="rbd" name="image_name2" file="/rbd.raw">
> + <host name="hostname" port="7000"/>
> + </source>
> + <target dev="hdb" bus="ide"/>
> + <auth username='myuser'>
> + <secret type='ceph' usage='mypassid'/>
> + </auth>
> + </disk>
> + <disk type='network'>
> + <driver name="qemu" type="raw"/>
> + <source protocol="sheepdog" name="image_name" file="/sheepdog.raw">
> + <host name="hostname" port="7000"/>
> + </source>
> + <target dev="hdb" bus="ide"/>
> + </disk>
> + <disk type='network' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source protocol='gluster' name='Volume/Image' file='/gluster.raw'>
> + <host name='example.org' port='6000' transport='tcp'/>
> + </source>
> + <target dev='vda' bus='virtio'/>
> + </disk>
> +
> + <input type='mouse' bus='ps2'/>
> + <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
> + <listen type='address' address='0.0.0.0'/>
> + </graphics>
> + </devices>
> + <seclabel model="selinux" type="dynamic" relabel="yes">
> + <label>system_u:system_r:svirt_t:s0:c41,c264</label>
> + <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
> + </seclabel>
> +</domain>
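Review bot: Target device names are reused within this domain: the nbd and gluster disks both have <target dev='vda' bus='virtio'/>, and the rbd and sheepdog disks both have <target dev="hdb" bus="ide"/>. Giving each disk its own target (for example vda, vdb, vdc, hda, hdb) keeps the fixture a plausible domain definition and keeps the test from depending on how duplicate targets happen to be handled. As a style point, the rbd and sheepdog disks use double-quoted attributes and omit device='disk', unlike the other three; matching the rest of the file would make the fixture easier to read.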
> diff --git a/tests/securityselinuxlabeldata/voldisks.txt b/tests/securityselinuxlabeldata/voldisks.txt
> new file mode 100644
> index 0000000..bd5d755
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/voldisks.txt
> @@ -0,0 +1,5 @@
> +/file.raw;
> +/disk.raw;
> +/host.raw;
> +/direct.raw;
> +/cdrom.raw;
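Review bot: The /disk.raw entry on the second line has no counterpart in voldisks.xml, where the five sources use /file.raw, /host.raw, /direct.raw, /plain.raw and /cdrom.raw, so /plain.raw is never listed here and /disk.raw is never referenced by the domain. Either rename this entry to /plain.raw or change the blk-pool0-vol0 source to file='/disk.raw' so the expected-label file and the domain XML describe the same set of paths.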
> diff --git a/tests/securityselinuxlabeldata/voldisks.xml b/tests/securityselinuxlabeldata/voldisks.xml
> new file mode 100644
> index 0000000..ae7e629
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/voldisks.xml
> @@ -0,0 +1,45 @@
> +<domain type='kvm'>
> + <name>vm1</name>
> + <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
> + <memory unit='KiB'>219200</memory>
> + <os>
> + <type arch='i686' machine='pc-1.0'>hvm</type>
> + <boot dev='cdrom'/>
> + </os>
> + <devices>
> + <disk type='volume' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source pool='dir-pool0' volume='dir-pool0-vol0' file='/file.raw'/>
> + <target dev='hda' bus='ide'/>
> + </disk>
> + <disk type='volume' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source pool='dir-pool0' volume='dir-pool0-vol0' mode='host' file='/host.raw'/>
> + <target dev='hda' bus='ide'/>
> + </disk>
> + <disk type='volume' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source pool='dir-pool0' volume='dir-pool0-vol0' mode='direct' file='/direct.raw'/>
> + <target dev='hda' bus='ide'/>
> + </disk>
> + <disk type='volume' device='disk'>
> + <driver name='qemu' type='raw'/>
> + <source pool='blk-pool0' volume='blk-pool0-vol0' file='/plain.raw'/>
> + <target dev='hda' bus='ide'/>
> + </disk>
> + <disk type='volume' device='cdrom'>
> + <driver name='qemu' type='raw'/>
> + <source pool='blk-pool0' volume='blk-pool0-vol1' file='/cdrom.raw'/>
> + <target dev='hda' bus='ide'/>
> + <readonly/>
> + </disk>
> + <input type='mouse' bus='ps2'/>
> + <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
> + <listen type='address' address='0.0.0.0'/>
> + </graphics>
> + </devices>
> + <seclabel model="selinux" type="dynamic" relabel="yes">
> + <label>system_u:system_r:svirt_t:s0:c41,c264</label>
> + <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
> + </seclabel>
> +</domain>
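Review bot: All five disks in this domain, including the cdrom, use <target dev='hda' bus='ide'/>, so the fixture describes five devices on one target. Distinct targets (hda through hde, or a mix of buses) would make each disk identifiable if the test ever reports which one failed. The first three disks also reference the same pool and volume (dir-pool0 / dir-pool0-vol0) and differ only in mode; a short note in the commit message on what each variant is meant to cover would help, since the expected output carries no labels for any of them.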
> diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
> index efe825a..8c88cfd 100644
> --- a/tests/securityselinuxlabeltest.c
> +++ b/tests/securityselinuxlabeltest.c
> @@ -332,6 +332,8 @@ mymain(void)
> setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
>
> DO_TEST_LABELING("disks");
> + DO_TEST_LABELING("netdisks");
> + DO_TEST_LABELING("voldisks");
> DO_TEST_LABELING("kernel");
> DO_TEST_LABELING("chardev");
>